This document discusses Canonical and Ubuntu, focusing on innovations in security for internet of things (IoT) devices. It introduces Snappy Ubuntu Core, a new version of Ubuntu optimized for IoT with features like sandboxing, digital signatures, and over-the-air updates to provide maximum security. Snappy Ubuntu Core is targeted towards device manufacturers who want to focus on differentiating hardware and services rather than building a full operating system, with the goals of proven updates, data security, and leveraging an existing developer community. Examples are provided of how Snappy principles could prevent exploits seen in other IoT devices.
3. Canonical and Ubuntu Introduction
London
Boston Beijing
EMPLOYEES
700+ COUNTRIES
30+FOUNDED
2004
Canonical has been developing operating
systems since 2004, and is now extending
the Ubuntu OS on smart devices.
Ubuntu is an open-source operating
system, currently established on server,
cloud, desktop and thin client.
Taipei
4. Ubuntu: where are we now?
The world’s 3rd most popular PC OS
90% of the Linux market
25,000,000 users
and still counting
This year we launched 3 Mobiles
bq E4.5, bq E5 and MX4
#1 Guest OS in Public Clouds
AWS, HP, Azure, Google Compute..
5. The great thing about the internet of things
is that everything is connected
6. The scary thing about the internet of things
is that everything is connected
7.
8. DNS exploit
"Is it serious? Yes it definitely is, [..]Because whenever anybody gets access to
your router, they can alter settings to direct traffic to places you don't want it to go
to."
Jonathan Wu, senior director of product management at Netgear
Netgear router owners would be prompted to update their firmware if:
● they logged into their router's admin settings, or
● they had the Netgear genie app installed on their computer, tablet or
smartphone.
9.
10. Car exploits include ..
● Taking control of the car via hacking the entertainment system
● Drive the car to a ditch by hacking the radio system
● Unlock your car remotely
11. Leaked trusted signing key
● Open source firmware for surveillance camera (GOOD!)
● Inside the source tree, there was a signing key trusted by Windows
(BAD!)
● You could sign any software with it a make it look legit
12.
13. What could we have done better..
● Keep it small and simple
complex systems are harder to secure, don’t carry unnecessary
load
● Sandboxing
A hack to the radio should not be able to lead to a ditch
● Reuse
Basic components are shared across devices, a single issue can
affect a large number, but also will harden faster
● Update ready
Jeep vs Tesla. Very similar hack. Tesla ship an Over The Air (OTA)
update, Jeep had to recall 1.4M cars
some common principles
14. We have done it all before
so why not apply it to IoT?
● Only what is needed in the phone
(no more, no less)
● All apps in the phone are
sandboxed
● Common rootfs images across
phones, common “custom” image
across locales, HW specifics in
device image
● Canonical hosted OTA channels,
including devel, release and stable
16. Ubuntu Core is small, secure, fast
All the goodness of Ubuntu in a device-centric rendition
Snappy transactional updates
Simpler application packaging
Rigorous security guarantees
17. Modular architecture for independent updates
Apps Apps Apps
Frameworks Frameworks Frameworks
Ubuntu core
Kernel and Hardware Capabilities List
18. Maximum security and integrity
Snappy uniquely combines
best-in-business security
with ease of use
Apps isolated
from one another
and from the OS
Enforced by Canonical’s
AppArmor security system
Digital signatures
guarantee integrity
19. traditional ubuntu
kernel snap
snappy ubuntu
os snap
app snapapp snap
kernel config
os writable files
app writable
area
app writable
areaany package can
write to any file
read-only
snaps
writable
spaces
per snap
filesystem
20. Awesome on devices
Vendors control their app
distribution and updates directly
Shared frameworks extend the
base operating system
Base operating system is free and
built on the best of Ubuntu
The new Ubuntu for embedded products on ARM & x86
21. Minimum system requirements
Processor Architecture
Intel x86 or ARMv7/v8 (Cortex-A7 single core or above)
Memory
256MB+
Flash Storage
4GB System storage
Available Connectivity types
WiFi, Ethernet, USB, BT4.0 BLE, ..
23. Snappy Ubuntu Core is targeted to manufacturers of smart embedded
devices that focus on differentiating their products via great hardware and
services.
Who is snappy Ubuntu Core for
What does a snappy manufacturer look like?
They focus on differentiating
features since they don't need to
worry about building and
maintaining a full OS system stack
They want proven and reliable
methods to update devices in the
market
They care deeply about
security of their devices and
user’s data
They leverage an existing community
of developers and partners